Date: Wed, 28 Dec 2005 10:50:38 -0800 From: Julian Elischer <julian@elischer.org> To: Brian Candler <B.Candler@pobox.com> Cc: freebsd-net@freebsd.org Subject: Re: IPSEC documentation Message-ID: <43B2DE7E.5080707@elischer.org> In-Reply-To: <20051228155545.GA7166@uk.tiscali.com> References: <20051228143817.GA6898@uk.tiscali.com> <86lky5p7ik.fsf@srvbsdnanssv.interne.kisoft-services.com> <20051228155545.GA7166@uk.tiscali.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Candler wrote: >On Wed, Dec 28, 2005 at 04:26:43PM +0100, Eric Masson wrote: > > >>gif/gre tunnels and ipsec transport mode are quite convenient when >>associated with dynamic routing protocols. >> >> > >OK, I'll buy gif + IPSEC transport mode as an option. [Although in that >case, perhaps what you want is an external IPSEC tunnel mode implementation >which attaches to a 'tun' device. That's yet another category which I hadn't >even considered] > > I use ppp (mpd) over UDP over ipsec transport mode. That gives you a "ng0" interface for the tunnel. (netgraph pseudo interface) >I still think that gif + IPSEC tunnel mode (as currently documented) is not >a good approach, especially if it's the *only* mode of operation to be >documented and hence implicitly recommended as the 'right' way to do it. >_______________________________________________ >freebsd-net@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-net >To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43B2DE7E.5080707>